diff options
Diffstat (limited to 'static/files/articles/site-backend')
4 files changed, 58 insertions, 32 deletions
diff --git a/static/files/articles/site-backend/pablotron.onion.conf.txt b/static/files/articles/site-backend/pablotron.onion.conf.txt new file mode 100644 index 0000000..9c80ede --- /dev/null +++ b/static/files/articles/site-backend/pablotron.onion.conf.txt @@ -0,0 +1,40 @@ +server { + listen unix:/var/run/tor/pablotron.sock; + server_name pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion; + root /store/www/pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion/htdocs; + index index.html; + access_log /var/log/nginx/pablotron-access.log; + + # enable compression, compress common types + gzip on; + gzip_types text/html text/plain text/xml text/css text/javascript application/x-javascript text/csv application/json text/json image/svg+xml; + + # security headers (see comments in apache config) + add_header "X-Frame-Options" "SAMEORIGIN"; + add_header "X-Content-Type-Options" "nosniff"; + add_header "Cross-Origin-Opener-Policy" "same-origin"; + add_header "Cross-Origin-Resource-Policy" "same-origin"; + add_header "Access-Control-Allow-Origin" "http://pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion"; + add_header "Referrer-Policy" "strict-origin-when-cross-origin"; + add_header "Permissions-Policy" "camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()"; + + # different from apache; POST method not needed + add_header "Access-Control-Allow-Methods" "GET, HEAD, OPTIONS"; + + location ~ \.(ico|jpg|jpeg|png|gif|webp|svg|js|json|css)$ { + # cache images, stylesheets, and javascript for 1 year + # note: caching makes a BIG difference when browsing via tor + expires 1y; + } + + location ~ \.svg$ { + # relax Content-Security-Policy for SVGs to allow + # `style-src-attr 'unsafe-inline'` + add_header "Content-Security-Policy" "default-src 'self'; img-src 'self'; style-src-attr 'self' 'unsafe-inline'"; + } + + location ^~ \.svg$ { + # default Content-Security-Policy + add_header "Content-Security-Policy" "default-src 'self'; img-src 'self' https://pmdn.org"; + } +} diff --git a/static/files/articles/site-backend/pablotron.org.conf.txt b/static/files/articles/site-backend/pablotron.org.conf.txt index 97a60d2..59ef28c 100644 --- a/static/files/articles/site-backend/pablotron.org.conf.txt +++ b/static/files/articles/site-backend/pablotron.org.conf.txt @@ -30,6 +30,9 @@ # POST needed for /hooks Header append "Access-Control-Allow-Methods" "POST, GET, HEAD, OPTIONS" + # expose tor onion service (2025-05-18) + Header set "Onion-Location" "http://pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion%{REQUEST_URI}s" + # cache images, stylesheets, and javascript for 1 year <FilesMatch "\.(ico|jpg|jpeg|png|gif|webp|svg|js|json|css)$"> Header set Cache-Control "max-age=31536000, public" diff --git a/static/files/articles/site-backend/script.js.txt b/static/files/articles/site-backend/script.js.txt index ae47804..1ab4045 100644 --- a/static/files/articles/site-backend/script.js.txt +++ b/static/files/articles/site-backend/script.js.txt @@ -1,26 +1,23 @@ 'use strict'; // -// script.js - script which handles: +// script.js: minimal JS for pablotron.org // -// - check/set dark mode (added 2024-05-27) -// - enable burger menu support +// - set theme on page load +// - bind theme switcher and burger menu event handlers // -// original notes regarding burger menu and minification are in the -// "burger menu" section below +// current sizes (2025-04-01): +// - minified: 699 bytes +// - minified/compressed: 508 bytes // -// burger menu (2024-05-27) -// ------------------------ +// notes below are slightly out of date... +// +// theme switcher (2024-05-27) +// --------------------------- // does the following: // // 1. checks for user setting and use that, if present. -// 2. otherwise check browser for preferred color scheme and use that. -// -// this works in conjunction with the styles in `assets/dark.sass` and -// has one minor quirk: there is a brief flash when the user transitions -// to a new page and has dark mode enabled. this can be removed by -// uncommenting the block at the top of `dark.sass`, but doing this -// currently breaks the light color scheme :/. +// 2. otherwise default to dark mode. // // refs: // https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme @@ -56,26 +53,16 @@ const D = document, M = window.matchMedia, on = (el, id, fn) => el.addEventListener(id, fn); -// use theme if set, otherwise fall back to dark mode -// FIXME: move to DOMContentLoaded? -// -// update (2025-03-31): prefer dark mode by default and only set light -// mode if the user has explicitly selected the light theme using the -// theme toggle. -// -// the old logic also attempted to account for "prefers-color-scheme: -// light", but i want the default to be dark unless it is explicitly -// overridden. -C.add('dark'); // unconditionally set dark mode +// light theme selected by user? if (L && L.theme && L.theme === 'light') { C.remove('dark'); // set light theme } -document.addEventListener('DOMContentLoaded', () => { +D.addEventListener('DOMContentLoaded', () => { // theme toggle event handler - on(D.querySelector('.navbar-item[data-id="theme"]'), 'click', (e) => { + on(D.querySelector('.navbar-item[data-id="theme"]'), 'click', e => { e.preventDefault(); // stop event - L.theme = C.toggle('dark') ? 'dark' : 'light'; // toggle + L.theme = C.toggle('dark') ? 'dark' : 'light'; // toggle theme }); // iterate through burgers, bind to click events diff --git a/static/files/articles/site-backend/webhook.conf.txt b/static/files/articles/site-backend/webhook.conf.txt index 254155d..1243946 100644 --- a/static/files/articles/site-backend/webhook.conf.txt +++ b/static/files/articles/site-backend/webhook.conf.txt @@ -9,10 +9,6 @@ "pass-environment-to-command": [{ "source": "string", - "envname": "DEPLOY_HTDOCS_PATH", - "name": "/data/www/pablotron.org/builds/current" - }, { - "source": "string", "envname": "DEPLOY_REPO_DIR", "name": "/data/www/pablotron.org/git" }, { |